Editor-at-large Fred Langa has returned from a 5-month motorcyle tour of the U.S. and Canada. His all-new LangaList Plus column begins today in the paid version of the newsletter. Between Sept. 27 and Oct. 24, all paid subscribers are eligible for a bonus download, Wallpaper of the Journey — 25 high-quality images by Fred for use on your Windows desktop. Free subscribers can get the bonus by upgrading to the paid version. And anyone can purchase the entire set of images for U.S. $9.95. More info is in today’s Introduction column. • Paid readers:download the bonus • Free readers:upgrade to get the bonus • For everyone:purchase the download

We’ve added special links to help you use Digg, Delicious, Reddit, and other social-bookmarking sites to point to your favorite articles.

If you’re not yet using bookmarking sites, today would be a great day to start taking advantage of the wealth of content they bring together.

Bookmarking sites let you link to your favorites A social-bookmarking site lets users save links to articles on the Web. Many such services show the most-popular articles at the top of the listings.

We got a first-hand example of how this works when our Sept. 13, 2007, article, “Microsoft updates Windows without users’ consent,” rose to the No. 5 spot on the home page of Digg.com, arguably the Web’s biggest bookmarking site. As of Sept. 26, our story (with 2,847 diggs) and a follow-up at ZDNet were still rated No. 2 and No. 1 among all stories about Microsoft published in the previous 30 days (image, left).

And that was before we’d even added links to Digg and other bookmarking sites to our top stories.

This week, associate editor Scott Dunn has an even bigger story — the fact that Microsoft’s silent update is actually preventing some Windows users from getting the latest security patches. Let’s all use Digg today to help others find this article on the Web, shall we? Scroll to the links

Social-bookmarking sites are as different from each other as snowflakes. They all, however, allow you to register as a user (it’s free) so you can see your favorite links from wherever you have Internet access. Some sites require a valid e-mail address to confirm your registration, but as far as we know, your personal information is kept private by these sites and isn’t given out.

The bookmarking sites that attract the most traffic include the following:

• Digg, one of the 200 most-visited sites on the Web, according to Alexa, uses weighted voting to determine which stories rise to the top in eight major categories and numerous subcategories. More info, how to register

• Del.icio.us (pronounced “delicious”) allows you to save and tag your favorite links, which you can keep to yourself or share with your friends or the world. More info, how to register

• Reddit uses terser descriptions of articles than Digg, but encourages users to vote up or down on links, training the site to adapt to your likes and dislikes. More info, how to register

• StumbleUpon offers nearly 500 topics to help users narrow their queries to the most relevant articles. More info, how to register

There are dozens of bookmarking sites, and it would be incredibly confusing for us to show icons and links to them all. For this reason, we’ve developed a link that lets you choose any bookmarking site you like:

• Other takes you to a long list prepared by AddThis.com. Once you register and indicate the bookmarking service you like, you won’t have to choose again. More info, how to register

• Permalink shows you the permanent location of an article on the Web. This gives you a convenient way to send a link in an e-mail to a friend.

Initially, we’re offering links to Digg and other bookmarking services only at the end of our lead story. In the future, we hope to find a way to help you bookmark other stories and our paid content, too. Fred Langa’s journey produces some great photos Fred Langa, our editor-at-large, has finally come back from his five-month, cross-country motorcycle tour of the U.S. and Canada. His last article for Windows Secrets was on April 19, 2007.

In one of his adventures, Fred attracted the unwanted attentions of a wild bison (photo, left), which ambled within 4 feet of him. We don’t have a close-up of that moment, because Fred in his Bullfighter Red motorcycle outfit was wise not to make any sudden shutter-snapping movements.

Fred’s written a new series of eight columns documenting the technical support issues of Windows Secrets readers who won Housecalls, personal troubleshooting sessions with the Master.

Fred’s columns will appear in the paid version of the newsletter. To make our paid content even more worthwhile, all paid subscribers can download Fred’s best pictures from some of the remotest places in North America. We’ve collected the images into a .zip file suitable for use as Windows wallpaper. The photos are sized both for widescreen displays (16×9) and ordinary displays (4×3). Yes, the photos include Fred’s bison buddy.

We don’t require any set fee to get the paid version. Simply make a financial contribution of any amount — whatever it’s worth to you — and you’ll receive a full year of our best information, including Fred’s new LangaList Plus columns and photographs. How to upgrade

Thanks for your support! Excel 2007 displays 65,535 as 100,000 Commenters in the microsoft.public.excel discussion forum revealed on Sept. 22 that Excel 2007 incorrectly displays floating-point numbers around 65,535 and 65,536 as 100,000. A Slashdot user, however, reports that the affected cells work correctly in formulas and graphs, despite the errant display.

Microsoft blogger David Gainer acknowledged the problem on Sept. 25 and said the Redmond company is working on a fix. Until then, watch out when calculating those big mortgage payments!

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

A silent update that Microsoft deployed widely in July and August is preventing the “repair” feature of Windows XP from completing successfully.

Ever since the Redmond company’s recent download of new support files for Windows Update, users of XP’s repair function have been unable to install the latest 80 patches from Microsoft.

Repaired installations of XP can’t be updated Accounts of conflicts with XP’s repair option came to our attention after Microsoft’s “silent install” of Windows Update (WU) executable files, known as version 7.0.600.381, was reported in the Sept. 13 and 20 issues of the Windows Secrets Newsletter.

The trouble occurs when users reinstall XP’s system files using the repair capability found on genuine XP CD-ROMs. (The feature is not present on “Restore CDs.”) The repair option, which is typically employed when XP for some reason becomes unbootable, rolls many aspects of XP back to a pristine state. It wipes out many updates and patches and sets Internet Explorer back to the version that originally shipped with the operating system.

Normally, users who repair XP can easily download and install the latest patches, using the Automatic Updates control panel or navigating directly to Microsoft’s Windows Update site.

However, after using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren’t registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft’s 80 latest patches from installing — even if the patches successfully downloaded to the PC.

I was able to reproduce and confirm the problem on a test machine. When WU tries to download the most recent patches to a “repaired” XP machine, Microsoft’s Web site simply states: “A problem on your computer is preventing the updates from being downloaded or installed.” (See Figure 1.)

Figure 1. After a repair install of XP, which resets the operating system to its original state, Windows Update can’t install the 80 most-recent patches from Microsoft.__________

Most ordinary Windows users might never attempt a repair install, but the problem will affect many administrators who must repair Windows frequently. Anyone who runs XP’s repair function will find that isolating the cause of the failed updates is not a simple matter.

Beginning in July, it is not possible for Windows users to install updates without first receiving the 7.0.6000.381 version of nine Windows Update support files. (See my Sept. 13 story for details.) If Automatic Updates is turned on, the .381 update will be installed automatically. If AU is not turned on, you’ll be prompted to let Windows Update upgrade itself before you can installing any other updates. Consequently, users are forced to get the silent update before they can attempt to install Microsoft’s latest security patches.

The problem apparently arises because seven of the DLLs (dynamic link library files) used by WU fail to be registered with Windows. If files of the same name had previously been registered — as happened when Windows Update upgraded itself in the past — the new DLL files are registered, too, and no problem occurs. On a “repaired” copy of XP, however, no such registration has occurred, and failing to register the new DLLs costs Windows Update the ability to install any patches.

Registering DLL files is normally the role of an installer program. Unlike previous upgrades to WU, however, Microsoft has published no link to an installer or a downloadable version of 7.0.6000.381. Strangely, there’s no Knowledge Base article at all explaining the new version. The lack of a KB article (and the links that usually appear therein) makes it impossible for admins to run an installer to see if it would correct the registration problem.

One possible fix is to install an older version of the Windows Update files (downloadable from Step 2 of Microsoft Knowledge Base article 927891) over the newer version. This involves launching the installer from a command line using a switch known as /wuforce.

That corrects the registration problem, although even in this case you must still accept the .381 stealth update (again) before you can get any updates. The fact that the /wuforce procedure solves the problem suggests that the installer for .381 is the source of the bug. Manually registering files solves the problem If you find that Windows Update refuses to install most patches, you can register its missing DLLs yourself. This can be accomplished by manually entering seven commands (shown in Step 2, below) at a command prompt. If you need to run the fix on multiple machines, it’s easiest to use a batch file, as Steps 1 through 5 explain:

Step 1. Open Notepad (or any text editor).

Step 2. Copy and paste the following command lines into the Notepad window (the /s switch runs the commands silently, freeing you from having to press Enter after each line):

Step 3. Save the file to your desktop, using a .bat or .cmd extension.

Step 4. Double-click the icon of the .bat or .cmd file.

Step 5. A command window will open, run the commands, and then close.

The next time you visit the Windows Update site, you should not have any problem installing the latest patches.

In my articles in the last two weeks on the silent installation of the Windows Update support files, I stated that the stealthy upgrade seemed harmless. Now that we know that version .381 prevents a repaired instance of XP from getting critical patches, “harmless” no longer describes the situation. The crippling of Windows Update illustrates why many computer professionals demand to review updates for software conflicts before widely installing upgrades.

“I understand the need to update the infrastructure for Windows Update,” says Gordon Pegue, systems administrator for Chavez Grieves Engineers, a structural engineering firm in Albuquerque, N.M. “But I think Microsoft dropped the ball a little bit communicating how the system works. Administrators should know these sorts of things, in case problems arise.”

A Microsoft spokeswoman offered to provide an official response about the situation, but I received no reply by press time.

If you ever need to run the repair option on XP, first see the detailed description provided by the Michael Stevens Tech Web site.

I’d like to thank Windows Secrets contributing editor Susan Bradley for her help in bringing reports of this problem to light.

Have a tip about Windows? Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your comments via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the magazine’s Here’s How section.

Reports of Microsoft’s silent updates published on Sept. 13 and 20 by Windows Secrets raised security questions for many readers.

But with a little bit of know-how, you can keep risks to a minimum when getting updates using Internet Explorer or Mozilla Firefox.

Add extra security to your update strategy Following our stories about Microsoft’s silent updating of Windows Update, a large number of readers wrote in asking whether hackers might be able to use a similar mechanism to access their PCs.

Although there is no evidence that anyone has yet compromised the Windows Update service itself, the unfortunate answer is that hackers have already been using components of Windows Update to bypass firewalls, as reported by Symantec, Computerworld, and elsewhere last May. The method involves calling on the Background Intelligent Transfer Service (BITS), which is part of Windows XP, Windows Server 2003, and Windows Vista.

The good news is that reader Paul Jackson has come up with a tip that may reduce the risks posed by this service:

“I completely turn off Windows Update by disabling the Automatic Updates service and setting the BITS service to manual. I have an older machine so every little thing I can to help performance is welcomed.

“When I decide to do a Windows or Microsoft update, I run a batch file that changes the Automatic Update service type to Automatic, starts it and also starts the BITS service.

“I then run Microsoft update. When that’s done, I run another batch file to turn everything off and disable the service.”

Just to clarify, I have taken the liberty of moving the commands in Paul’s batch files to the steps below. The process is almost the same for XP and Vista, although Vista’s User Account Control will give you some confirmation prompts.

Step 3: Double-click Background Intelligent Transfer Service. If the Startup type is not already set to Manual, choose that option and click OK. Close the Services window.

Step 4: Open Notepad and copy and paste these lines into its window:

sc config wuauserv start= autosc start wuauservsc start BITS

Step 5: Save the file with a name like Before_Update.bat. Be sure to include the .bat or .cmd extension.

Step 6: In Notepad, choose File, New. Then copy and paste these lines into its window:

sc stop BITSsc stop wuauservsc config wuauserv start= disabled

Step 7: Save the file with a name like After_Update.bat. Be sure to include the .bat or .cmd extension.

Step 8:Vista only: Create shortcuts for each batch file by using the right-mouse button to drag and drop the file icons; choose Create Shortcuts Here. Right-click one shortcut and choose Properties. On the Shortcut tab, click Advanced. Check Run as administrator and click OK twice. Repeat for the other shortcut.

Step 9: When you want to get updates, double-click the Before_Update batch file (XP) or shortcut (Vista). Then use Windows Update to download the patches you need. Finally, double-click the After_Updates batch file (XP) or shortcut (Vista). Firefox add-ons are workarounds, not panaceas Regarding the tips published in our Sept. 13 and 20 issues for accessing the Windows Update Web site using the Mozilla Firefox browser, reader Leland Whitlock writes:

“I tried your method of using User Agent Switcher in order to run Windows Update, but it only works if you have the IE Tab installed. Then it automatically uses an IE Tab when you go to Microsoft Update. I think the problem is Windows Update uses ActiveX controls for access and Firefox, as far as I know, can’t run ActiveX.”

You are absolutely correct, Leland. Several readers reported similar frustrations. It appears that if you want to access Windows Update using Firefox, you have to accept the risk of using ActiveX.

You can, however, take steps to reduce your risks when using the IE Tab. It turns out that many of the security settings that you designate on your copy of IE are retained by the version embedded in Firefox. For example, I tested cookies, scripting of Java applets, ActiveX settings, and active scripting. For all of them, the embedded IE Tab followed the settings I had in IE.

Therefore, customizing IE 7’s security settings can also make Firefox safer when using the IE Tab. These tweaks were described in the Oct. 26, 2006, issue. In exception to the settings described there, you’ll need to use the following three options to access Windows Update in Firefox:

So while you can use the IE Tab extension to access Windows Update without ever leaving the comfort of your Firefox browser window, you will still be exposed to the risks of running Internet Explorer. Consequently, I call this a workaround rather than a solution. Just remember to click the tab to display the Firefox logo when you’re done using Windows Update.

Bonus tip: If you really want to get patches and updates securely while using Firefox, you can do without the IE tab entirely. Instead, manually download and install each patch you need from the Microsoft Download Center. The star-like WGA (Windows Genuine Advantage) logo by a patch lets you know which ones to avoid if you don’t want to install that component. Secunia posts FAQ to answer reader questions Several readers had problems with the Online Software Inspector at Secunia.com (not to be confused with the company’s Personal Software Inspector and Network Software Inspector). Some users weren’t finding the answers they needed on Secunia’s site or by e-mail. For example, Richard Bellin writes that he hasn’t received replies to messages he’d sent.

I contacted Secunia and received a response in one day. Here are the company’s answers to some of the most common questions readers submitted:

Q: Is Vista supported?A: As the Online Software Inspector is browser-based, Vista should be supported.

Q: Which versions of Java are needed to run the Online Software Inspector? A: The Software Inspector requires version 1.5.0_12 or later.

Q: Why does the Online Software Inspector keep finding nonsecure software when I’ve uninstalled it manually? And why are there so many versions of Flash on my computer?A: The answers to these questions depend on the specifics of your system. However, Secunia has recently posted a FAQ that should help answer these and other questions.

Readers Bellin, Jackson, and Whitlock will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

In the first of eight columns on my motorcycle tour of the U.S. and Canada, I describe my findings with a reader in the American West.

Unfortunately, this reader had a problem with his Temp folder.

The coast-to-coast motorcycle trek begins The American West and Midwest were still sweltering under a brutal heat wave when I pulled into Longmont, Colorado, last July. I was there to perform a "Housecall" (a free, day-long PC tune-up and tech session awarded to four Windows Secrets readers on June 7). I’d stitched together a series of Housecalls into a long, looping route across the full width of North America and back again. I was taking a month to ride from Housecall to Housecall on my motorcycle, so I could not only enjoy meeting the readers but also take in the scenery and the experiences along the highways between their locations.

Figure 1. My trusty steed (click photos to enlarge). This was my transportation for the 4-week, 10,355-mile (16,665-km) cross-continental odyssey: a Honda Goldwing loaded to the gills with clothing, food, water, camping gear, and what amounted to an entire portable office. In addition to the normal tools — such as a notebook PC — the high-tech gadgetry also included a GPS to plan and navigate the entire journey and a satellite radio to stay informed even when out of range of terrestrial radio stations.

Figure 2. The Mississippi River. Crossing this psychological halfway mark in a coast-to-coast journey across America really made me feel like I was making progress. When I took this photo, I was about 24 hours into the ride on the morning of the second day and about 1,300 miles (2,100 km) from where I started. I’d just crossed the big river and was standing in Minnesota looking back at Wisconsin. Flat landscapes are geologically fascinating I’d plotted my initial GPS route to take me through an area I’d long wanted to explore: the heartland of the continent. Sometimes, when I tell people that, I get a look that says, "So, flat earth really excites you, eh, Fred?" or: "You must really, really like corn."

While I must admit that parts of the region lack immediate visual excitement, there’s lots more than meets the eye. In fact, when you view that planar landscape through the lens of geology, it’s a fascinating place. Let me get just a little geeky on you for a minute to show you why I wanted to see the quiet expanses of North America’s central plains.

Figure 3. A Nebraskan back road. Some might find this landscape monotonous, but I think it has a beauty of its own. Plus, the geology of the area is inherently fascinating to someone like me; I’m familiar with the very different geology of my home region in the "Granite State," New Hampshire. Badlands reveal stark beauty of bare rock Sculpted by wind and water, the Badlands of South Dakota are an example of the geological richness present in what might otherwise seem to be a "boring" and featureless plain.

Protecting your privacy is becoming more difficult with each passing day.

Google and other service providers may be recording your Web surfing, but you can easily configure your system to protect against such tracking.

Google Analytics can track your Web history As you probably know, Google provides a variety of services beyond its search engine. One of those services, Google Analytics, is designed to help Web site operators track “where your visitors come from and how they interact with your site.”

Part of the process involves inserting JavaScript code (provided by Google) into a site’s Web pages. Then, when you visit the site, the script gathers various information about the your computer and browser (the last site you visited, your IP address, browser type, and more) and sets a cookie. The site operator can then review the Google Analytics data and use it as he or she sees fit.

From a Webmaster’s perspective, Google Analytics isn’t much different than many other Web tracking tools that are available. However, there are two major problems with third-party tracking services.

The first problem is that a site operator could modify a service provider’s JavaScript code to gather information beyond what might be expected.

Office 2003 Service Pack 3 is out, bringing the security of Office 2007 to the 2003 platform.

But, at the same time, there are a few “gotchas” with Office 2003 SP3 that you need to look out for.

923618 Give SP3 your attention, but watch for quirks When Office 2003 SP3 came out last week, some folks started installing it the very same day. When it comes to security patches, especially the ones that fix high-risk threats, I typically install them the same week that they’re released.

Service packs, however, are much more complex than mere patches — especially application-level service packs, which cannot be uninstalled. So I take the time to do my homework first. For Office 2003 SP3, your homework includes reading all of the information in Knowledge Base article 923618, which lists this service pack’s known issues.

Reading that KB article, you’ll probably wonder why Microsoft even released this service pack, since it breaks at least nine different things. The fact is that the security protections included in Office 2003 SP3 blocks older, insecure versions of Office file formats. This protection, I hope you’ll agree, will be worth the inconvenience.

As one example, the security features known as Moice (Microsoft Office Isolated Conversion Environment) are now included in Office 2003 SP3. This file-blocking technique was first announced back in May 2007 in MS security advisory 937696.

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by
Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our
free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside
party, ever.
2. We will never send you any unrequested e-mail, besides
newsletter updates.
3. All unsubscribe requests are honored immediately, period.
Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe
from the Windows Secrets Newsletter,

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.